Spyware, Viruses, & Security forum

General discussion

Scanned my computer today w AVG, detected a Trojan horse.

by Big Steve / April 4, 2008 8:45 AM PDT

As I do every day I scan my computers with AVG's free AV and AS and Comodo Boclean is running in the background. After finishing a scan on my desktop today the AVG AV detected the following item which was immediately placed in the vault.

Trojan horse Generic_c.IKY

Healable - No
Source - Backup copy
Status - Infected

Never had a trojan horse hit this desktop before, now what? Simply delete it from the vault like I delete tracking cookies detected every day by the AVG or what? Feedback please.

Steve, I would leave it in the
by roddy32 / April 4, 2008 8:50 AM PDT

vault for a few days to make sure it is not a false positive. It won't hurt anything in there. After a while if the computer and all your programs are still working OK, I would delete it then.

Re: Steve, I would leave it in the
by Big Steve / April 4, 2008 9:17 AM PDT

Will do that. Something in the details mentioned the term "Java". I was prompted the other day to update my "Java" and because I have it I did. Could doing so have created my problem? Thanks for your post.

That is possible Steve but I doubt if you
by roddy32 / April 4, 2008 10:48 AM PDT

got a trojan updating Java unless you updated via some third party instead of Sun. As I said, it might be a false positive also.

Re: That is possible Steve but I doubt if you
by Big Steve / April 4, 2008 11:44 AM PDT

At the bottom of my desktop's monitor screen the other day an orange icon appeared, when I moved my pointer over it it said Java has updates for you to download so I clicked on it but in the future you're recommending I go directly to Java's website instead for future updates?

Speaking of updates about once a week I receive an email telling me Microsoft has updates for me so I go directly to Microsoft's website, click on Microsoft Updates; Microsoft then begins to scan my computer so it says to let me know if I can receive updates; after it's done it gives me 2 choices.

The top one which I don't recall what it's called except it says "highly recommended" and the one right below that one which says "custom", I click on the first one, "highly recommended" and let it do its thing and after it's finished it always says no updates are available.

That Microsoft website is overwhelming, besides checking Microsoft Updates should I check anything else on that site? I have the free version of AVG AV and AS as well as Comodo on this computer, Windows firewall is "enabled", my computer is set to receive updates automatically at 3:00 a.m., have I got everything about covered? Thank you for your post.

Steve, in your second post
by roddy32 / April 4, 2008 9:10 PM PDT

you said "Something in the details mentioned the term "Java". I was prompted the other day to update my "Java" and because I have it I did. Could doing so have created my problem?"

I highly doubt if the 2 things are related. This part here "Something in the details mentioned the term "Java" is too vague. I am going to GUESS that AVG told you that the trojan was in the java cache but this is just a GUESS because you did not give the exact message. You already said that AVG put the trojan in the vault and I already told you what to do in my first post.

We are getting sidetracked from your original question here but I will try and answer your other questions anyway.

As far as the java notification in your tray, that SOUNDS like it was legit but I don't know what that notice looks like because I don't have my java set to notify me for updates. I have the update portion of java disabled because we always post in this forum when java has been updated so I see no need for it but that is just ME. I am NOT telling YOU to do that. If you go to the control panel and double click on the java icon and then hit the "about" button and tell me the version, I will tell you if it is the latest.

To the best of my knowledge, Microsoft does not send out weekly e-mails telling you that you have updates unless you are subscribed to some sort of service that I am unaware of so I don't know who you are getting those e-mails from. There are a huge number of scam e-mails like that which are trying to get you to click on a link in the e-mail which would take you to a rogue website but it does not look like you are doing that because you said you go to the Windows Updates site when you get those e-mails. The reason that the scan tells you "let it do its thing and after it's finished it always says no updates are available." is because you also said you have your updates set to "automatic" which means that you probably already have them. Once again, this is a GUESS because I have NO IDEA how you have your computer set up for all this stuff. Those e-mails that you are receiving are probably scams.

Just for your future reference. Microsoft releases Windows updates once a MONTH on the second Tuesday of each month and NOT once a WEEK. We always post in this forum when they are released. Occasionally they will release an emergency one out of that cycle but that is rare. If and when they do, that will also be posted in this forum. IF you have your Windows Updates set to "Automatic" then you should be updated automatically when the updates are released in EITHER case.

Steve, I would suggest that you visit the "Computer Newbies" forum and take some time and read Grif's "Tips for newbies" thread which is stuck to the top of that forum. He explains a lot of things in there which might be of use to you.

Re: Steve, in your second post
by Big Steve / April 4, 2008 11:27 PM PDT

I went to Control Panel, add or remove programs, did some looking around and noticed I had not one but two Java updates listed.

Java(TM)6 Update 2
Version 1.6.0.20

Java(TM)6 Update 5
Version 1.6.0.50

As for details about the trojan horse I went to the vault center in my AVG AV and this is what it said:

Trojan horse Generic_c.IKY
File name - 18652a7c-44038146
File size - 827 bytes(?)

As for those notices of Java updates which would appear at the lower right hand corner of my monitor's screen up popped 2 orange squares with Java's logo in them, then a small balloon appeared with the message that said Java updates were available, click here now to update. That's about it.

As for the Microsoft situation I have been receiving emails, I assumed they came from Microsoft telling me that updates were available, click here to update but as I stated previously I never clicked anything.

I would delete the email, go to Microsoft's website, locate the link on that page that's labeled Microsoft Updates, click on it and I would check for updates but as I also stated previously after it scanned for updates it would tell me that no updates were currently available.

OK, Steve, you need to do this
by roddy32 / April 4, 2008 11:47 PM PDT

Go into add/remove programs and there are probably TWO entries in there for Java because of what you are showing in the control panel.

Java(TM)6 Update 2 This is an old one and you need to remove it from add/remove programs
Version 1.6.0.20

Java(TM)6 Update 5 This is the latest version so you want to keep it.
Version 1.6.0.50

This is one bad thing about Java, even when you update it, the old versions are not removed during that process so they have to be removed manually via add/remove programs.

"As for details about the trojan horse I went to the vault center in my AVG AV and this is what it said:

Trojan horse Generic_c.IKY
File name - 18652a7c-44038146
File size - 827 bytes(?)" This does not say anything about Java so just keep it in the vault for a week or 2 to make sure it is not a false positive and if everything on the computer is running OK after that, then delete it.


As far as the Microsoft e-mail, I am sure that is a scam but as long as you do not click on anything in the e-mail, then it will not hurt you, just delete it.

If the scan at Microsoft/Windows Updates tells you that you do not need anything whenever you go there, then you must be getting them automatically but I don't know how you have that set up. You can check that this way.

Click on "start", then right click on "My Computer", then left click on "properties", then left click at the top where it says "Automatic updates". Look and see which box has the tick in it.

Re: OK, Steve, you need to do this
by Big Steve / April 5, 2008 1:40 AM PDT

Java Update 2 is now gone, Java Update 5 was left alone. I have another Java listed in control panel; details below.

Java 2 Runtime Environment, SE v1.4.2_03

I left that one alone, should I remove it or just leave it alone?

As for the Microsoft Updates I did just as you suggested, the box checked is as follows:

Automatic - Every day at 3:00 a.m.

Yes Steve. Go back into
by roddy32 / April 5, 2008 1:59 AM PDT

add/remove programs and see if "Java 2 Runtime Environment, SE v1.4.2_03" is listed in there. If it is, then remove it.

You are all set with your Windows Updates because you have it set for automatic which is fine. That also explains why there is nothing at the website when you go there and scan. You already have them.

You need to remember one thing though. The automatic updates ONLY install the high priority ones. You need to go to the Microsoft/Windows update site occasionally and choose "Custom" scan. That will scan and notify you if there are any other Optional NON-priority updates available. This does NOT mean that you have to take them. Some you may want and some you may not want.
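
The cleanup walked through in the posts above (updating Java leaves older runtimes installed, so they have to be found and removed by hand) can be checked mechanically. The following is an added example, not part of any poster's message: it parses Add/Remove Programs display names into comparable versions and lists every Java entry older than the newest one. The function names are hypothetical, the sample list is constructed from the entries quoted in this thread, and the J2SE 5.0 name shape is an assumption.

```python
import re

# Add/Remove Programs display-name shapes. The first and third appear in this
# thread; the J2SE 5.0 shape is an assumption added for completeness.
_PATTERNS = [
    # "Java(TM) 6 Update 5" or "Java(TM)6 Update 2" -> (1, 6, 0, 5)
    (re.compile(r"^Java\(TM\)\s*(\d+)(?:\s+Update\s+(\d+))?$"),
     lambda m: (1, int(m.group(1)), 0, int(m.group(2) or 0))),
    # "J2SE Runtime Environment 5.0 Update 6" -> (1, 5, 0, 6)
    (re.compile(r"^J2SE Runtime Environment\s+(\d+)\.0(?:\s+Update\s+(\d+))?$"),
     lambda m: (1, int(m.group(1)), 0, int(m.group(2) or 0))),
    # "Java 2 Runtime Environment, SE v1.4.2_03" -> (1, 4, 2, 3)
    (re.compile(r"^Java 2 Runtime Environment,? SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$"),
     lambda m: tuple(int(g or 0) for g in m.groups())),
]


def parse_java_version(display_name):
    """Return (1, family, minor, update) for a Java runtime entry, else None."""
    name = display_name.strip()
    for pattern, to_version in _PATTERNS:
        match = pattern.match(name)
        if match:
            return to_version(match)
    return None


def stale_java_entries(display_names):
    """Return (newest_entry, [older entries to remove]) among Java runtimes."""
    found = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None:
            found.append((version, name))
    if not found:
        return None, []
    found.sort()  # oldest first, newest last
    return found[-1][1], [name for _, name in found[:-1]]


# Constructed sample: the Java entries quoted in this thread plus one
# unrelated program name (made up) that must be ignored.
INSTALLED = [
    "AVG 7.5 Free Edition",
    "Java(TM)6 Update 2",
    "Java(TM)6 Update 5",
    "Java 2 Runtime Environment, SE v1.4.2_03",
]

if __name__ == "__main__":
    newest, stale = stale_java_entries(INSTALLED)
    print("keep:  ", newest)
    for entry in stale:
        print("remove:", entry)
```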

Re: Yes Steve. Go back into
by Big Steve / April 5, 2008 7:28 AM PDT

Java 2 Runtime Environment is gone, I will do as you suggested concerning Microsoft Updates. Thanks for the post.

(NT) You're welcome Steve
by roddy32 / April 5, 2008 8:14 AM PDT
same generic_c.IKY Trojan horse reported AVG (in Java cache)
by jump007 / April 5, 2008 7:42 AM PDT

Like Steve, I got the same sequence of events on 4.4.08. Java popped up and asked to run an update while I was surfing the internet.
The infected files (AVG scanned) are located in:

C:\Documents and Settings\Udo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-63e98f2c-1cbcadda.class

C:\Documents and Settings\Udo\Application Data\Sun\Java\Deployment\cache\6.0\20\7af974d4-414f19cf

I am pretty sure that this was a false Java update. I tried to check the time stamp (the files were created at 2.35PM), but I could not identify anything in temporary internet files at the time.
Any suggestions?

Udo

virus..
by age_597 / April 5, 2008 8:39 AM PDT

yeah same happened to me with that java update...when avg came up i healed...what should i do now.. it's infected in a few different profiles in my computer as well..

age_597, please follow the
by roddy32 / April 5, 2008 10:30 AM PDT
Scanned my computer today w AVG, detected a Trojan horse
by cycler1729 / April 6, 2008 1:56 AM PDT

I had the same thing happen to me today. The last time I was on the computer was Friday afternoon and when my AVG scan ran automatically I got the exact same message.
I did a search and it brought me to this board and your question.
I wonder if we visited any of the same sites last week?
On one site, Iwon (which I've been using for years and never had any trouble) two separate times I received a message (I don't remember exactly what it said) that there was an Adobe program not running properly so I closed that page.

Re: Scanned my computer today w AVG, detected Trojan horse
by Big Steve / April 6, 2008 6:22 AM PDT

Sorry but I only visit this great site when I have these kinds of questions.

If the infected file was ...
by Kees Bakker / April 6, 2008 6:36 AM PDT

a java related file coming directly from Sun, as it seems, it must be a false positive. If it's removed, some part of Java will fail on your machine.

Kees

Exactly which is why I told Steve
by roddy32 / April 6, 2008 6:47 AM PDT

in my very first post to leave it in the vault without deleting it until we know for sure it was not a false positive.

That's true.
by Kees Bakker / April 7, 2008 3:29 AM PDT

But you never can tell when a java applet you download uses this particular piece of code. Maybe it will never fail. Maybe it will fail in 13 months. Small chance it's within a week or two.
And surely AVG will change their program so it's no longer recognised as a virus by then.

Kees

Re: That's true
by Big Steve / April 7, 2008 4:16 AM PDT
In reply to: That's true.

It will be a week pretty soon since my PC got hit with that trojan horse which my AVG AV quickly put into its vault. Roddy32 instructed me last week to let it stay in the AVG vault for about a week then to go ahead and delete it.

Now here's my next question, which tab do I click on in the AVG vault center to delete the trojan horse from my PC? I could not find a tab labeled "delete". Thank you for your post and advise whenever you can.

This way...
by glenn30 / April 7, 2008 7:03 AM PDT
In reply to: Re: That's true

From the AVG Control Center I click on the "Virus Vault"... at the bottom of that window is "Empty Vault" button. Click it... that's all there is to it in AVG Free.

Hope this helps.

Glenn

Re: This way...
by Big Steve / April 7, 2008 7:33 AM PDT
In reply to: This way...

That sounds easy enough. Roddy32 if you're out there is it OK to go ahead and delete that trojan horse item today or do you recommend that I leave it in the vault until Friday? Advise if you're on board today.

Steve, it has only been 3 days
by roddy32 / April 7, 2008 8:08 AM PDT
In reply to: Re: This way...

but it is up to you whether you delete it or not. I would recommend testing your Java first to make sure it is still working while that file is still in the vault. You can do that at the below link. Give it a few minutes to load and as long as Java is working, you will see a little dancing guy and your version will be listed once the test completes.
http://www.java.com/en/download/help/testvm.xml

Re: Steve, it has only been 3 days
by Big Steve / April 7, 2008 8:39 AM PDT

Roddy32:

OK the man is dancing, testing apparently was successful so it said, details below.

Sun Microsystems, Inc.
Version: 1.6.0_05
Operating system: Windows XP
Operating system version: 5.1

You da man Roddy32.

(NT) Good deal Steve :)
by roddy32 / April 7, 2008 9:21 AM PDT
Re: (NT) Good deal Steve :)
by Big Steve / April 7, 2008 9:41 AM PDT
In reply to: Good deal Steve :)

Roddy32:

Would you answer the question I raised in my 4:16 p.m. post, post #28 about deleting the trojan in the AVG vault?

Personally ...
by Kees Bakker / April 7, 2008 11:46 PM PDT

I wouldn't delete it, as it isn't a trojan, but a bona fide java class library from Sun. So I would restore the file.

But that's up to you, of course.

Kees

Re: This way...
by Big Steve / April 7, 2008 9:16 AM PDT
In reply to: This way...

My free AVG AV, Version 7.5's vault does not have any box at the bottom to go to to delete anything but what it does have is this, at the top of the vault box in the left hand corner there is a tab labeled "ACTION" and the choices are as follows:

1. Empty vault
2. Delete file(s)
3. Restore file(s)
4. Restore file(s) as...

I guess when I decide to do it I would choose #1, correct?
I checked in Control Panel and it said there that I use this software "occasionally" and that it was last used on May 09, 2007. I use this program every day, I update it and scan with it daily. Why would the information in Control Panel say otherwise? Any thoughts on that?

Re: Emptying the vault...
by glenn30 / April 7, 2008 9:47 AM PDT
In reply to: Re: This way...

Yes you can empty the entire vault as you say. You can empty individual files by right clicking on the file shown in the vault by using (#2) Delete.

I have no thoughts as to the last used date... cannot find anything like that in my AVG Control Panel. If you can point me to exactly where you are seeing this maybe I can compare yours with mine.

Is your version completely up-to-date? Mine was last updated to version 7.5.519 which is the latest.

Hope this helps.

Glenn
